Abstract
A security policy is intended to regulate the behaviour of a socio-technical system (computers, networks and humans) in such a way as to ensure that certain properties are maintained or goals achieved. Two problems arise here: regulating the behaviour of humans is non-trivial and, secondly, many security goals are not ”enforceable” in the Schneider sense,[1]. Thus, security policy mechanisms inevitably involve approximations and trade-offs.
We discuss the theoretical and practical limitations on what is technically enforceable and argue for the need for models that encompass social as well as technical enforcement mechanisms.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Schneider, F.B.: Enforceable Security Policies. ACM Transactions on Information and System Security 3(1), 30–50 (2000)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ryan, P.Y.A. (2005). Enforcing the Unenforceable. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds) Security Protocols. Security Protocols 2003. Lecture Notes in Computer Science, vol 3364. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11542322_22
Download citation
DOI: https://doi.org/10.1007/11542322_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28389-8
Online ISBN: 978-3-540-31836-1
eBook Packages: Computer ScienceComputer Science (R0)